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We Claim : 

1. A method of forestalling actions that would defeat an access-control 
mechanism for a volume at least a portion of which is on a storage-device, 
communication between an input/ output (I/O) initiator and the storage-device 
taking place via a stack of device objects (DOs) representing the volume, the 
method comprising: 

selectively preventing, at the stack-level, a change in characteristic 
information for the volume. 

2. The method of claim 1, further comprising: 

receiving an input/output request packet (IRP) that is traversing a stack 
of device objects, the stack representing a data-storage device; 

determining whether the IRP represents a request to change 
characteristic information for the storage-volume to which the stack 
corresponds; and 

selectively failing the IRP depending upon the type of change being 
requested. 

3. The method of claim 2, the method further comprising: 
checking whether the IRP is of a type meriting scrutiny; and 

skipping the determining and selectively-failing steps if the IRP does not 
merit scrutiny. 

4. The method of claim 3, wherein: 

the checking step inspects whether the IRP includes the major function 
code I RP_MJ_C REATE ; and 

the skipping step skips if the IRP does not include IRP_MJ_CREATE. 

5. The method of claim 2, wherein 

the IRP is received at a location in the stack represented by a device 
object; 
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the characteristic information includes a volume-ID of the volume to 
which the device object corresponds; and 

the determining step determines whether the IRP represents a request to 
change the volume-ID. 

6. The method of claim 5, wherein the volume-ID is the volume label. 

7. The method of claim 2, further comprising: 

checking whether an identifier (ID) of the volume (volume-ID) in the IRP 
matches the volume-ID stored as corresponding to the volume; and 

choosing to fail the IRP if the volume-ID in the IRP does not match the 
stored volume-ID. 

8. The method of claim 7, further comprising: 

checking, if the volume-ID in the IRP does not match the stored volume- 
ID, whether the underlying initiator to which the IRP corresponds has 
permission to change the volume-ID; and 

failing the IRP if the initiator does not have permission to change the 
volume-ID. 

9. The method of claim 8, wherein the checking step checks one or more 
bits in an unreserved area of the IRP for a bit-pattern the presence of which 
indicates that the initiator has permission to change the volume-ID. 

10. The method of claim 7, further comprising: 

checking, if the volume-ID in the IRP does not match the stored volume- 
ID, whether the volume-ID in the IRP is available for use; and 

failing the IRP if the volume-ID in the IRP is not available for use. 

11. The method of claim 10, further comprising: 

comparing the volume-ID in the IRP to a list of existing volume-IDs. 
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12. The method of claim 11, the method further comprising: 

updating, if the volume-ID in the IRP is found to be available for use, the 
list to include the volume-ID in the IRP. 

13. A machine-readable medium including instructions execution of which 
by a machine forestalls actions that would defeat an access-control mechanism 
for a volume of a storage-device, the machine-readable instructions comprising: 

a code segment that creates and attaches a filter device object to a stack 
of device objects representing a storage-device; 

a code segment for selectively preventing, at the stack-level, a change in 
characteristic information for the volume. 

14. The machine-readable instructions of claim 1, further comprising: 

a code segment for receiving an input/output request packet (IRP) that is 
traversing a stack of device objects, the stack representing a data-storage 
device; 

a code segment for determining whether the IRP represents a request to 
change characteristic information for the storage-volume to which the stack 
corresponds; and 

a code segment for selectively failing the IRP depending upon the type of 
change being requested. 

15. An apparatus for forestalling actions that would defeat an access-control 
mechanism for a volume at least a portion of which is on a storage-device, 
communication between an input/output (I/O) initiator and the storage-device 
taking place via a stack of device objects (DOs) representing the volume, the 
apparatus comprising: 

a memory in which is created the stack of device objects representing a 
storage-device, the stack including a filter device object (DO); and 

filter driver means for selectively preventing, at the stack-level, a change 
in characteristic information for the volume. 
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16. The apparatus of claim 15, wherein the filter driver means is further 
operable for 

detennining whether an input/output request packet (IRP) arriving at the 
filter DO represents a request to change characteristic information for the 
storage-volume to which the stack corresponds, and 

selectively failing the IRP depending upon the type of change being 
requested. 
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